Lawful basis for processing data
The GDPR requires that Data Controllers establish a lawful basis for processing data. At least one of the following conditions must apply whenever personal data is processed:
Consent: the individual has given clear consent for us to process their personal data for a specific purpose
Contract: the processing is necessary for a contract that we have with the individual, or because they have asked us to take specific steps before entering into a contract
Legal obligation: the processing is necessary for us to comply with the law
Vital interests: the processing is necessary to protect someone’s life
Public task: the processing is necessary for us to perform a task in the public interest or for our official function, and the task or function has a clear basis in law
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data, which overrides those legitimate interests